3738
Comment:
|
← Revision 3 as of 2021-11-18 10:56:16 ⇥
3691
|
Deletions are marked like this. | Additions are marked like this. |
Line 6: | Line 6: |
# aptitude install python python-ipy python-dns python-twisted-core python-twisted-bin | # aptitude install python python-ipy python-dns python-twisted-core python-twisted-bin python-ldap |
Line 8: | Line 8: |
# dpkg -i python-spf_2.0.3-0_all.deb | # dpkg -i python-spf_2.0.3-0_all.deb |
Line 22: | Line 22: |
aptitude install python python-ipy python-dns python-twisted-core python-twisted-bin | aptitude install python python-ipy python-dns python-twisted-core python-twisted-bin python-ldap |
Line 29: | Line 29: |
aptitude install python-ipy python-dns python-twisted-core python-twisted-bin python-spf | aptitude install python-ipy python-dns python-twisted-core python-twisted-bin python-spf python-ldap |
Line 34: | Line 34: |
yum install python-twisted-core python-pyspf python-pydns python-IPy python-devel | yum install python-twisted-core python-pyspf python-pydns python-IPy python-devel python-ldap |
Line 45: | Line 45: |
* ldap: http://python-ldap.sourceforge.net/ | |
Line 53: | Line 54: |
# wget http://download.gna.org/apolicy/apolicy-0.73.tar.gz # tar zxf apolicy-0.73.tar.gz |
# wget ftp://ftp.uma.es/pub/apolicy/apolicy-0.74-1.tar.gz # tar zxf apolicy-0.74-1.tar.gz # cd apolicy-0.74-1 |
Line 68: | Line 70: |
=== Verify integrity and authenticity === | === Verify integrity and authenticity <= 0.73 === |
Line 77: | Line 79: |
To start the daemon, you can use one of the init scripts supplied with the source. * '''debian/apolicy.init''': use this init script for Debian and derivatives * '''apolicy.init''': use this init script for Red Hat-like distributions Copy one of them to ''/etc/init.d'', renaming to just ''apolicy''. Red Hat-like distributions: |
To start the daemon |
Line 85: | Line 81: |
# chkconfig --add apolicy | systemctl daemon-reload systemctl enable apolicy systemctl start apolicy |
Line 88: | Line 86: |
Debian and derivatives: {{{ # update-rc.d apolicy defaults }}} Then use the your normal procedure to start/stop the service. |
Note that the supplied default cofiguration comes with a complex example that makes apolicy fail to start. This is because the example need datasource configuration. Adapt the configuraton with trivial stuff and make apolicy starts. |
Line 98: | Line 91: |
In case of any problem, check /var/log/syslog and /var/log/mail.log. |
In case of any problem, check /var/log/syslog and /var/log/maillog. |
Installation
Debian Etch 4.0 dependencies
# aptitude install python python-ipy python-dns python-twisted-core python-twisted-bin python-ldap # wget http://ufpr.dl.sourceforge.net/sourceforge/pymilter/python-spf_2.0.3-0_all.deb # dpkg -i python-spf_2.0.3-0_all.deb
For all Ubuntu releases, make sure that the Universe repository is in your sources.list.
Ubuntu 6.06 dependencies
Add Dapper backports in sources.list.
deb http://archive.ubuntu.com/ubuntu dapper-backports main universe
aptitude install python python-ipy python-dns python-twisted-core python-twisted-bin python-ldap aptitude install -t dapper-backports python-spf
Ubuntu 6.10, 7.04, 7.10, 8.04 dependencies
aptitude install python-ipy python-dns python-twisted-core python-twisted-bin python-spf python-ldap
Fedora 7, 8, 9 dependencies
yum install python-twisted-core python-pyspf python-pydns python-IPy python-devel python-ldap
Other distributions
apolicy depends on the following Python modules:
twisted >= 2.4: http://twistedmatrix.com/
ipy >= 0.50: http://software.inl.fr/trac/wiki/IPy
pydns >= 2.3: http://pydns.sourceforge.net/
pyspf >= 2.0: http://www.bmsi.com/python/milter.html
Your distribution might have most of them already packaged.
Installing apolicy from source
The following commands should do just fine, you must be root:
# wget ftp://ftp.uma.es/pub/apolicy/apolicy-0.74-1.tar.gz # tar zxf apolicy-0.74-1.tar.gz # cd apolicy-0.74-1 # python setup.py install
If you are updating a previous installation, don't run python setup.py install, instead run this one:
# python setup.py install_lib
The command above will preserve your configuration files.
Take a look at /etc/apolicy/main.conf for additional settings, and /etc/apolicy/policy.conf for the ACLs, actions and access configuration.
Verify integrity and authenticity <= 0.73
# wget http://www.apolicy.org/gpg/miguelfilho.gpg -O- -q | gpg --import # wget http://download.gna.org/apolicy/apolicy-0.73.tar.gz.sig # gpg --verify apolicy-0.73.tar.gz.sig
init scripts
To start the daemon
systemctl daemon-reload systemctl enable apolicy systemctl start apolicy
Note that the supplied default cofiguration comes with a complex example that makes apolicy fail to start. This is because the example need datasource configuration. Adapt the configuraton with trivial stuff and make apolicy starts.
apolicy will listen by default on 127.0.0.1:10001.
By now the proccess must be running, check with ps and netstat. In case of any problem, check /var/log/syslog and /var/log/maillog.
Configuring Postfix
Just add check_policy_service inet:127.0.0.1:10001 to smtpd_client_restrictions, smtpd_recipient_restrictions etc, and you are good to go.
For the size acl works properly, apolicy must to be called from smtpd_end_of_data_restrictions.
Restart Postfix.
Logging
There is two log sources to get information, first is the log sent to syslog, using the mail facility. The other is the file /var/log/twistd.log. This file contains critical errors from the twisted daemon, keep an eye on this file too.
Debugging
You can turn debug on editing the configuration file /etc/apolicy/main.conf. Go to the bottom of the file and change this:
[logger_apolicy] level=INFO
To this:
[logger_apolicy] level=DEBUG
Then restart apolicy.